diff --git a/backport-libsemanage-avoid-leak-on-realloc-failure.patch b/backport-libsemanage-avoid-leak-on-realloc-failure.patch
deleted file mode 100644
index 9c5e6bdebf5d608556333d0fff0eef552c1b39fb..0000000000000000000000000000000000000000
--- a/backport-libsemanage-avoid-leak-on-realloc-failure.patch
+++ /dev/null
@@ -1,44 +0,0 @@
-From 73f958b01aa15c55cd69f188b8a5ed44601ac406 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Christian=20G=C3=B6ttsche?=
-Date: Mon, 11 Nov 2024 15:16:38 +0100
-Subject: [PATCH] libsemanage: avoid leak on realloc failure
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-Signed-off-by: Christian Göttsche
-Acked-by: James Carter
-
-Conflict:NA
-Reference:https://github.com/SELinuxProject/selinux/commit/73f958b01aa15c55cd69f188b8a5ed44601ac406
-
----
- src/direct_api.c | 8 ++++++--
- 1 file changed, 6 insertions(+), 2 deletions(-)
-
-diff --git a/src/direct_api.c b/src/direct_api.c
-index ed4343dc..288e491a 100644
---- a/src/direct_api.c
-+++ b/src/direct_api.c
-@@ -599,12 +599,16 @@ static int read_from_pipe_to_data(semanage_handle_t *sh, size_t initial_len, int
- while ((read_len = read(fd, data_read + data_read_len, max_len - data_read_len)) > 0) {
- data_read_len += read_len;
- if (data_read_len == max_len) {
-+ char *tmp;
-+
- max_len *= 2;
-- data_read = realloc(data_read, max_len);
-- if (data_read == NULL) {
-+ tmp = realloc(data_read, max_len);
-+ if (tmp == NULL) {
- ERR(sh, "Failed to realloc, out of memory.\n");
-+ free(data_read);
- return -1;
- }
-+ data_read = tmp;
- }
- }
-
---
-2.33.0
-
diff --git a/backport-libsemanage-check-closing-written-files.patch b/backport-libsemanage-check-closing-written-files.patch
deleted file mode 100644
index 8696de5d7609b9305f0f03c7bec2391c979059ae..0000000000000000000000000000000000000000
--- a/backport-libsemanage-check-closing-written-files.patch
+++ /dev/null
@@ -1,168 +0,0 @@
-From 2cc2d1ed1fa78dfdb879f3c2a0b21fa23eeb2504 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Christian=20G=C3=B6ttsche?=
-Date: Mon, 25 Nov 2024 12:18:36 +0100
-Subject: [PATCH] libsemanage: check closing written files
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-Check that closing a file that has been written to is successful, to
-avoid potential unsuccessful writes/syncs.
-
-Signed-off-by: Christian Göttsche
-
-Conflict:NA
-Reference:https://github.com/SELinuxProject/selinux/commit/2cc2d1ed1fa78dfdb879f3c2a0b21fa23eeb2504
-
----
- src/database_file.c | 5 ++++-
- src/direct_api.c | 15 +++++++++------
- src/genhomedircon.c | 3 ++-
- src/semanage_store.c | 18 +++++++++++++-----
- 4 files changed, 28 insertions(+), 13 deletions(-)
-
-diff --git a/src/database_file.c b/src/database_file.c
-index 47814254..214dbe6c 100644
---- a/src/database_file.c
-+++ b/src/database_file.c
-@@ -149,7 +149,10 @@ static int dbase_file_flush(semanage_handle_t * handle, dbase_file_t * dbase)
- }
-
- dbase_llist_set_modified(&dbase->llist, 0);
-- fclose(str);
-+ if (fclose(str) != 0 && errno != EINTR) {
-+ str = NULL;
-+ goto err;
-+ }
- return STATUS_SUCCESS;
-
- err:
-diff --git a/src/direct_api.c b/src/direct_api.c
-index 0e7ef4da..87c7627d 100644
---- a/src/direct_api.c
-+++ b/src/direct_api.c
-@@ -467,7 +467,10 @@ static int write_file(semanage_handle_t * sh,
- close(out);
- return -1;
- }
-- close(out);
-+ if (close(out) == -1 && errno != EINTR) {
-+ ERR(sh, "Error while closing %s.", filename);
-+ return -1;
-+ }
- return 0;
- }
-
-@@ -839,7 +842,7 @@ static int semanage_direct_write_langext(semanage_handle_t *sh,
- goto cleanup;
- }
-
-- if (fclose(fp) != 0) {
-+ if (fclose(fp) != 0 && errno != EINTR) {
- ERR(sh, "Unable to close %s module ext file.", modinfo->name);
- fp = NULL;
- ret = -1;
-@@ -1216,7 +1219,7 @@ static int semanage_direct_commit(semanage_handle_t * sh)
- FILE *touch;
- touch = fopen(path, "we");
- if (touch != NULL) {
-- if (fclose(touch) != 0) {
-+ if (fclose(touch) != 0 && errno != EINTR) {
- ERR(sh, "Error attempting to create disable_dontaudit flag.");
- goto cleanup;
- }
-@@ -1248,7 +1251,7 @@ static int semanage_direct_commit(semanage_handle_t * sh)
- FILE *touch;
- touch = fopen(path, "we");
- if (touch != NULL) {
-- if (fclose(touch) != 0) {
-+ if (fclose(touch) != 0 && errno != EINTR) {
- ERR(sh, "Error attempting to create preserve_tunable flag.");
- goto cleanup;
- }
-@@ -2120,7 +2123,7 @@ static int semanage_direct_set_enabled(semanage_handle_t *sh,
-
- ret = fclose(fp);
- fp = NULL;
-- if (ret != 0) {
-+ if (ret != 0 && errno != EINTR) {
- ERR(sh,
- "Unable to close disabled file for module %s",
- modkey->name);
-@@ -2321,7 +2324,7 @@ static int semanage_direct_get_module_info(semanage_handle_t *sh,
- free(tmp);
- tmp = NULL;
-
-- if (fclose(fp) != 0) {
-+ if (fclose(fp) != 0 && errno != EINTR) {
- fp = NULL;
- ERR(sh,
- "Unable to close %s module lang ext file.",
-diff --git a/src/genhomedircon.c b/src/genhomedircon.c
-index 4949bc75..19543799 100644
---- a/src/genhomedircon.c
-+++ b/src/genhomedircon.c
-@@ -1429,7 +1429,8 @@ int semanage_genhomedircon(semanage_handle_t * sh,
-
- done:
- if (out != NULL)
-- fclose(out);
-+ if (fclose(out) != 0 && errno != EINTR)
-+ retval = STATUS_ERR;
-
- while (s.fallback)
- pop_user_entry(&(s.fallback));
-diff --git a/src/semanage_store.c b/src/semanage_store.c
-index cdb495cb..e44efc16 100644
---- a/src/semanage_store.c
-+++ b/src/semanage_store.c
-@@ -717,7 +717,7 @@ int semanage_copy_file(semanage_handle_t *sh, const char *src, const char *dst,
- errsv = errno;
- retval = -1;
- }
-- if (close(out) < 0) {
-+ if (close(out) < 0 && errno != EINTR) {
- errsv = errno;
- retval = -1;
- }
-@@ -1536,9 +1536,11 @@ int semanage_split_fc(semanage_handle_t * sh)
- if (file_con)
- fclose(file_con);
- if (fc >= 0)
-- close(fc);
-+ if (close(fc) == -1 && errno != EINTR)
-+ retval = -1;
- if (hd >= 0)
-- close(hd);
-+ if (close(hd) == -1 && errno != EINTR)
-+ retval = -1;
-
- return retval;
-
-@@ -1732,7 +1734,11 @@ static int semanage_commit_sandbox(semanage_handle_t * sh)
- close(fd);
- return -1;
- }
-- close(fd);
-+ if (close(fd) == -1 && errno != EINTR) {
-+ ERR(sh, "Error while closing commit number file %s.",
-+ commit_filename);
-+ return -1;
-+ }
-
- /* sync changes in sandbox to filesystem */
- fd = open(sandbox, O_DIRECTORY | O_CLOEXEC);
-@@ -2157,7 +2163,9 @@ int semanage_write_policydb(semanage_handle_t * sh, sepol_policydb_t * out,
-
- cleanup:
- if (outfile != NULL) {
-- fclose(outfile);
-+ if (fclose(outfile) != 0 && errno != EINTR) {
-+ retval = STATUS_ERR;
-+ }
- }
- umask(mask);
- sepol_policy_file_free(pf);
---
-2.33.0
-
diff --git a/backport-libsemanage-check-for-path-formatting-failures.patch b/backport-libsemanage-check-for-path-formatting-failures.patch
deleted file mode 100644
index 14e204e7ae6be43f87ac0ea52e75e648aa0bb329..0000000000000000000000000000000000000000
--- a/backport-libsemanage-check-for-path-formatting-failures.patch
+++ /dev/null
@@ -1,80 +0,0 @@
-From 50f3cfd27b59f1a5efdf728827974ad02472c0b2 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Christian=20G=C3=B6ttsche?=
-Date: Mon, 11 Nov 2024 15:16:43 +0100
-Subject: [PATCH] libsemanage: check for path formatting failures
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-Signed-off-by: Christian Göttsche
-Acked-by: James Carter
-
-Conflict:NA
-Reference:https://github.com/SELinuxProject/selinux/commit/50f3cfd27b59f1a5efdf728827974ad02472c0b2
-
----
- src/semanage_store.c | 22 +++++++++++++++++-----
- 1 file changed, 17 insertions(+), 5 deletions(-)
-
-diff --git a/src/semanage_store.c b/src/semanage_store.c
-index 23b91ae2..2cd992eb 100644
---- a/src/semanage_store.c
-+++ b/src/semanage_store.c
-@@ -798,7 +798,7 @@ static int semanage_copy_dir(const char *src, const char *dst)
- * well. Returns 0 on success, -1 on error. */
- static int semanage_copy_dir_flags(const char *src, const char *dst, int flag)
- {
-- int i, len = 0, retval = -1;
-+ int i, len = 0, rc, retval = -1;
- struct stat sb;
- struct dirent **names = NULL;
- char path[PATH_MAX], path2[PATH_MAX];
-@@ -822,13 +822,21 @@ static int semanage_copy_dir_flags(const char *src, const char *dst, int flag)
- }
-
- for (i = 0; i < len; i++) {
-- snprintf(path, sizeof(path), "%s/%s", src, names[i]->d_name);
-+ rc = snprintf(path, sizeof(path), "%s/%s", src, names[i]->d_name);
-+ if (rc < 0 || (size_t)rc >= sizeof(path)) {
-+ errno = EOVERFLOW;
-+ goto cleanup;
-+ }
- /* stat() to see if this entry is a file or not since
- * d_type isn't set properly on XFS */
- if (stat(path, &sb)) {
- goto cleanup;
- }
-- snprintf(path2, sizeof(path2), "%s/%s", dst, names[i]->d_name);
-+ rc = snprintf(path2, sizeof(path2), "%s/%s", dst, names[i]->d_name);
-+ if (rc < 0 || (size_t)rc >= sizeof(path2)) {
-+ errno = EOVERFLOW;
-+ goto cleanup;
-+ }
- if (S_ISDIR(sb.st_mode)) {
- mask = umask(0077);
- if (mkdir(path2, 0700) == -1 ||
-@@ -862,7 +870,7 @@ static int semanage_copy_dir_flags(const char *src, const char *dst, int flag)
- int semanage_remove_directory(const char *path)
- {
- struct dirent **namelist = NULL;
-- int num_entries, i;
-+ int num_entries, i, rc;
- if ((num_entries = scandir(path, &namelist, semanage_filename_select,
- NULL)) == -1) {
- return -1;
-@@ -870,7 +878,11 @@ int semanage_remove_directory(const char *path)
- for (i = 0; i < num_entries; i++) {
- char s[PATH_MAX];
- struct stat buf;
-- snprintf(s, sizeof(s), "%s/%s", path, namelist[i]->d_name);
-+ rc = snprintf(s, sizeof(s), "%s/%s", path, namelist[i]->d_name);
-+ if (rc < 0 || (size_t)rc >= sizeof(s)) {
-+ errno = EOVERFLOW;
-+ return -2;
-+ }
- if (stat(s, &buf) == -1) {
- return -2;
- }
---
-2.33.0
-
diff --git a/backport-libsemanage-check-memory-allocations.patch b/backport-libsemanage-check-memory-allocations.patch
deleted file mode 100644
index 70f3f5d69541c1312acd36c9435aaf6443138fae..0000000000000000000000000000000000000000
--- a/backport-libsemanage-check-memory-allocations.patch
+++ /dev/null
@@ -1,52 +0,0 @@
-From 7a35e57c64faedbb11a880652604b36dd35afad1 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Christian=20G=C3=B6ttsche?=
-Date: Mon, 11 Nov 2024 15:16:30 +0100
-Subject: [PATCH] libsemanage: check memory allocations
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-Signed-off-by: Christian Göttsche
-Acked-by: James Carter
-
-Conflict:NA
-Reference:https://github.com/SELinuxProject/selinux/commit/7a35e57c64faedbb11a880652604b36dd35afad1
-
----
- src/conf-parse.y | 6 ++++++
- src/handle.c | 2 ++
- 2 files changed, 8 insertions(+)
-
-diff --git a/src/conf-parse.y b/src/conf-parse.y
-index 2b131eeb..b93080cd 100644
---- a/src/conf-parse.y
-+++ b/src/conf-parse.y
-@@ -382,6 +382,12 @@ static int semanage_conf_init(semanage_conf_t * conf)
- conf->save_previous = 0;
- conf->save_linked = 0;
-
-+ if (!conf->store_path ||
-+ !conf->store_root_path ||
-+ !conf->compiler_directory_path) {
-+ return -1;
-+ }
-+
- if ((conf->load_policy =
- calloc(1, sizeof(*(current_conf->load_policy)))) == NULL) {
- return -1;
-diff --git a/src/handle.c b/src/handle.c
-index d5baa614..f048f6d7 100644
---- a/src/handle.c
-+++ b/src/handle.c
-@@ -45,6 +45,8 @@ int semanage_set_root(const char *root)
- {
- free(private_semanage_root);
- private_semanage_root = strdup(root);
-+ if (!private_semanage_root)
-+ return -1;
- return 0;
- }
-
---
-2.33.0
-
diff --git a/backport-libsemanage-direct_api-INTEGER_OVERFLOW-read_len-rea.patch b/backport-libsemanage-direct_api-INTEGER_OVERFLOW-read_len-rea.patch
deleted file mode 100644
index 8a21c827d3c57e7ba25700c304388d81733af088..0000000000000000000000000000000000000000
--- a/backport-libsemanage-direct_api-INTEGER_OVERFLOW-read_len-rea.patch
+++ /dev/null
@@ -1,47 +0,0 @@
-From 9b4eff9222b24d4b5f2784db281f4f53019263b0 Mon Sep 17 00:00:00 2001
-From: Vit Mojzis
-Date: Fri, 25 Oct 2024 20:32:07 +0200
-Subject: [PATCH] libsemanage/direct_api: INTEGER_OVERFLOW read_len = read()
-
-The following statement is always true if read_len is unsigned:
-(read_len = read(fd, data_read + data_read_len, max_len - data_read_len)) > 0
-
-Fixes:
- Error: INTEGER_OVERFLOW (CWE-190): [#def19] [important]
- libsemanage-3.7/src/direct_api.c:598:2: tainted_data_return: Called function "read(fd, data_read + data_read_len, max_len - data_read_len)", and a possible return value may be less than zero.
- libsemanage-3.7/src/direct_api.c:598:2: cast_underflow: An assign of a possibly negative number to an unsigned type, which might trigger an underflow.
- libsemanage-3.7/src/direct_api.c:599:3: overflow: The expression "data_read_len += read_len" is deemed underflowed because at least one of its arguments has underflowed.
- libsemanage-3.7/src/direct_api.c:598:2: overflow: The expression "max_len - data_read_len" is deemed underflowed because at least one of its arguments has underflowed.
- libsemanage-3.7/src/direct_api.c:598:2: overflow_sink: "max_len - data_read_len", which might have underflowed, is passed to "read(fd, data_read + data_read_len, max_len - data_read_len)". [Note: The source code implementation of the function has been overridden by a builtin model.]
- \# 596| }
- \# 597|
- \# 598|-> while ((read_len = read(fd, data_read + data_read_len, max_len - data_read_len)) > 0) {
- \# 599| data_read_len += read_len;
- \# 600| if (data_read_len == max_len) {
-
-Signed-off-by: Vit Mojzis
-Acked-by: James Carter
-
-Conflict:NA
-Reference:https://github.com/SELinuxProject/selinux/commit/9b4eff9222b24d4b5f2784db281f4f53019263b0
-
----
- src/direct_api.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/src/direct_api.c b/src/direct_api.c
-index d740070d..7631c7bf 100644
---- a/src/direct_api.c
-+++ b/src/direct_api.c
-@@ -582,7 +582,7 @@ cleanup:
- static int read_from_pipe_to_data(semanage_handle_t *sh, size_t initial_len, int fd, char **out_data_read, size_t *out_read_len)
- {
- size_t max_len = initial_len;
-- size_t read_len = 0;
-+ ssize_t read_len = 0;
- size_t data_read_len = 0;
- char *data_read = NULL;
-
---
-2.33.0
-
diff --git a/backport-libsemanage-drop-duplicate-newlines-and-error-descriptions-in-error-messages.patch b/backport-libsemanage-drop-duplicate-newlines-and-error-descriptions-in-error-messages.patch
deleted file mode 100644
index 85f19dcd5f2cdf4b075bfdb6d52332afdb7d8db3..0000000000000000000000000000000000000000
--- a/backport-libsemanage-drop-duplicate-newlines-and-error-descriptions-in-error-messages.patch
+++ /dev/null
@@ -1,527 +0,0 @@ -From 4a8407a2ee9cc3b458eb1f71cc3820bce728a5b7 Mon Sep 17 00:00:00 2001 -From: Christian Göttsche -Date: Fri, 18 Apr 2025 16:07:23 +0800 -Subject: [PATCH] - libsemanage-drop-duplicate-newlines-and-error-descriptions-in-error-messages - -Reference: https://github.com/SELinuxProject/selinux/commit/d3a5ae39bee42eac520a3d07f252251a2167a323 - ---- - src/compressed_file.c | 4 +- - src/database_file.c | 4 +- - src/database_policydb.c | 4 +- - src/direct_api.c | 98 ++++++++++++++++++++--------------------- - src/genhomedircon.c | 2 +- - src/handle.c | 2 +- - src/parse_utils.c | 4 +- - src/semanage_store.c | 6 +-- - 8 files changed, 60 insertions(+), 64 deletions(-) - -diff --git a/src/compressed_file.c b/src/compressed_file.c -index d6a8526..3718ad9 100644 ---- a/src/compressed_file.c -+++ b/src/compressed_file.c -@@ -174,13 +174,13 @@ int map_compressed_file(semanage_handle_t *sh, const char *path, - - fd = open(path, O_RDONLY | O_CLOEXEC); - if (fd == -1) { -- ERR(sh, "Unable to open %s\n", path); -+ ERR(sh, "Unable to open %s.", path); - return -1; - } - - file = fdopen(fd, "r"); - if (file == NULL) { -- ERR(sh, "Unable to open %s\n", path); -+ ERR(sh, "Unable to open %s.", path); - close(fd); - return -1; - } -diff --git a/src/database_file.c b/src/database_file.c -index 4737d57..0ee5d39 100644 ---- a/src/database_file.c -+++ b/src/database_file.c -@@ -130,8 +130,8 @@ static int dbase_file_flush(semanage_handle_t * handle, dbase_file_t * dbase) - str = fopen(fname, "we"); - umask(mask); - if (!str) { -- ERR(handle, "could not open %s for writing: %s", -- fname, strerror(errno)); -+ ERR(handle, "could not open %s for writing", -+ fname); - goto err; - } - __fsetlocking(str, FSETLOCKING_BYCALLER); -diff --git a/src/database_policydb.c b/src/database_policydb.c -index 079d573..d1472a2 100644 ---- a/src/database_policydb.c -+++ b/src/database_policydb.c -@@ -113,8 +113,8 @@ static int dbase_policydb_cache(semanage_handle_t * handle, - * ENOENT is not 
fatal - we just create an empty policydb */ - fp = fopen(fname, "rbe"); - if (fp == NULL && errno != ENOENT) { -- ERR(handle, "could not open %s for reading: %s", -- fname, strerror(errno)); -+ ERR(handle, "could not open %s for reading", -+ fname); - goto err; - } - -diff --git a/src/direct_api.c b/src/direct_api.c -index 9c35bc0..025b26e 100644 ---- a/src/direct_api.c -+++ b/src/direct_api.c -@@ -313,7 +313,7 @@ int semanage_direct_connect(semanage_handle_t * sh) - /* The file does not exist */ - sepol_set_disable_dontaudit(sh->sepolh, 0); - } else { -- ERR(sh, "Unable to access %s: %s\n", path, strerror(errno)); -+ ERR(sh, "Unable to access %s.", path); - goto err; - } - -@@ -595,7 +595,7 @@ static int read_from_pipe_to_data(semanage_handle_t *sh, size_t initial_len, int - } - data_read = malloc(max_len * sizeof(*data_read)); - if (data_read == NULL) { -- ERR(sh, "Failed to malloc, out of memory.\n"); -+ ERR(sh, "Failed to malloc, out of memory."); - return -1; - } - -@@ -607,7 +607,7 @@ static int read_from_pipe_to_data(semanage_handle_t *sh, size_t initial_len, int - max_len *= 2; - tmp = realloc(data_read, max_len); - if (tmp == NULL) { -- ERR(sh, "Failed to realloc, out of memory.\n"); -+ ERR(sh, "Failed to realloc, out of memory."); - free(data_read); - return -1; - } -@@ -649,93 +649,93 @@ static int semanage_pipe_data(semanage_handle_t *sh, char *path, char *in_data, - - retval = pipe2(input_fd, O_CLOEXEC); - if (retval == -1) { -- ERR(sh, "Unable to create pipe for input pipe: %s\n", strerror(errno)); -+ ERR(sh, "Unable to create pipe for input pipe."); - goto cleanup; - } - retval = pipe2(output_fd, O_CLOEXEC); - if (retval == -1) { -- ERR(sh, "Unable to create pipe for output pipe: %s\n", strerror(errno)); -+ ERR(sh, "Unable to create pipe for output pipe."); - goto cleanup; - } - retval = pipe2(err_fd, O_CLOEXEC); - if (retval == -1) { -- ERR(sh, "Unable to create pipe for error pipe: %s\n", strerror(errno)); -+ ERR(sh, "Unable to create pipe for 
error pipe."); - goto cleanup; - } - - pid = fork(); - if (pid == -1) { -- ERR(sh, "Unable to fork from parent: %s.", strerror(errno)); -+ ERR(sh, "Unable to fork from parent."); - retval = -1; - goto cleanup; - } else if (pid == 0) { - retval = dup2(input_fd[PIPE_READ], STDIN_FILENO); - if (retval == -1) { -- ERR(sh, "Unable to dup2 input pipe: %s\n", strerror(errno)); -+ ERR(sh, "Unable to dup2 input pipe."); - goto cleanup; - } - retval = dup2(output_fd[PIPE_WRITE], STDOUT_FILENO); - if (retval == -1) { -- ERR(sh, "Unable to dup2 output pipe: %s\n", strerror(errno)); -+ ERR(sh, "Unable to dup2 output pipe."); - goto cleanup; - } - retval = dup2(err_fd[PIPE_WRITE], STDERR_FILENO); - if (retval == -1) { -- ERR(sh, "Unable to dup2 error pipe: %s\n", strerror(errno)); -+ ERR(sh, "Unable to dup2 error pipe."); - goto cleanup; - } - - retval = close(input_fd[PIPE_WRITE]); - if (retval == -1) { -- ERR(sh, "Unable to close input pipe: %s\n", strerror(errno)); -+ ERR(sh, "Unable to close input pipe."); - goto cleanup; - } - retval = close(output_fd[PIPE_READ]); - if (retval == -1) { -- ERR(sh, "Unable to close output pipe: %s\n", strerror(errno)); -+ ERR(sh, "Unable to close output pipe."); - goto cleanup; - } - retval = close(err_fd[PIPE_READ]); - if (retval == -1) { -- ERR(sh, "Unable to close error pipe: %s\n", strerror(errno)); -+ ERR(sh, "Unable to close error pipe."); - goto cleanup; - } - retval = execl(path, path, NULL); - if (retval == -1) { -- ERR(sh, "Unable to execute %s : %s\n", path, strerror(errno)); -+ ERR(sh, "Unable to execute %s.", path); - _exit(EXIT_FAILURE); - } - } else { - retval = close(input_fd[PIPE_READ]); - input_fd[PIPE_READ] = -1; - if (retval == -1) { -- ERR(sh, "Unable to close read end of input pipe: %s\n", strerror(errno)); -+ ERR(sh, "Unable to close read end of input pipe."); - goto cleanup; - } - - retval = close(output_fd[PIPE_WRITE]); - output_fd[PIPE_WRITE] = -1; - if (retval == -1) { -- ERR(sh, "Unable to close write end of output 
pipe: %s\n", strerror(errno)); -+ ERR(sh, "Unable to close write end of output pipe."); - goto cleanup; - } - - retval = close(err_fd[PIPE_WRITE]); - err_fd[PIPE_WRITE] = -1; - if (retval == -1) { -- ERR(sh, "Unable to close write end of error pipe: %s\n", strerror(errno)); -+ ERR(sh, "Unable to close write end of error pipe."); - goto cleanup; - } - - retval = write(input_fd[PIPE_WRITE], in_data, in_data_len); - if (retval == -1) { -- ERR(sh, "Failed to write data to input pipe: %s\n", strerror(errno)); -+ ERR(sh, "Failed to write data to input pipe."); - goto cleanup; - } - retval = close(input_fd[PIPE_WRITE]); - input_fd[PIPE_WRITE] = -1; - if (retval == -1) { -- ERR(sh, "Unable to close write end of input pipe: %s\n", strerror(errno)); -+ ERR(sh, "Unable to close write end of input pipe."); - goto cleanup; - } - -@@ -747,7 +747,7 @@ static int semanage_pipe_data(semanage_handle_t *sh, char *path, char *in_data, - retval = close(output_fd[PIPE_READ]); - output_fd[PIPE_READ] = -1; - if (retval == -1) { -- ERR(sh, "Unable to close read end of output pipe: %s\n", strerror(errno)); -+ ERR(sh, "Unable to close read end of output pipe."); - goto cleanup; - } - -@@ -759,7 +759,7 @@ static int semanage_pipe_data(semanage_handle_t *sh, char *path, char *in_data, - retval = close(err_fd[PIPE_READ]); - err_fd[PIPE_READ] = -1; - if (retval == -1) { -- ERR(sh, "Unable to close read end of error pipe: %s\n", strerror(errno)); -+ ERR(sh, "Unable to close read end of error pipe."); - goto cleanup; - } - -@@ -918,7 +918,7 @@ static int semanage_compile_module(semanage_handle_t *sh, - - status = map_compressed_file(sh, hll_path, &hll_contents); - if (status < 0) { -- ERR(sh, "Unable to read file %s\n", hll_path); -+ ERR(sh, "Unable to read file %s.", hll_path); - goto cleanup; - } - -@@ -928,16 +928,13 @@ static int semanage_compile_module(semanage_handle_t *sh, - if (err_data_len > 0) { - for (start = end = err_data; end < err_data + err_data_len; end++) { - if (*end == '\n') { 
-- fprintf(stderr, "%s: ", modinfo->name); -- fwrite(start, 1, end - start + 1, stderr); -+ ERR(sh, "%s: %.*s.", modinfo->name, (int)(end - start + 1), start); - start = end + 1; - } - } - - if (end != start) { -- fprintf(stderr, "%s: ", modinfo->name); -- fwrite(start, 1, end - start, stderr); -- fprintf(stderr, "\n"); -+ ERR(sh, "%s: %.*s.", modinfo->name, (int)(end - start), start); - } - } - if (status != 0) { -@@ -951,14 +948,14 @@ static int semanage_compile_module(semanage_handle_t *sh, - - status = write_compressed_file(sh, cil_path, cil_data, cil_data_len); - if (status == -1) { -- ERR(sh, "Failed to write %s\n", cil_path); -+ ERR(sh, "Failed to write %s.", cil_path); - goto cleanup; - } - - if (sh->conf->remove_hll == 1) { - status = unlink(hll_path); - if (status != 0) { -- ERR(sh, "Error while removing HLL file %s: %s", hll_path, strerror(errno)); -+ ERR(sh, "Error while removing HLL file %s.", hll_path); - goto cleanup; - } - -@@ -1037,8 +1034,7 @@ static int semanage_compile_hll_modules(semanage_handle_t *sh, - unmap_compressed_file(&contents); - continue; - } else if (errno != ENOENT) { -- ERR(sh, "Unable to access %s: %s\n", cil_path, -- strerror(errno)); -+ ERR(sh, "Unable to access %s.", cil_path); - return -1; //an error in the "stat" call - } - } -@@ -1063,7 +1059,7 @@ static int semanage_compare_checksum(semanage_handle_t *sh, const char *referenc - fd = open(path, O_RDONLY | O_CLOEXEC); - if (fd == -1) { - if (errno != ENOENT) { -- ERR(sh, "Unable to open %s: %s\n", path, strerror(errno)); -+ ERR(sh, "Unable to open %s.", path); - return -1; - } - /* Checksum file not present - force a rebuild. 
*/ -@@ -1071,21 +1067,21 @@ static int semanage_compare_checksum(semanage_handle_t *sh, const char *referenc - } - - if (fstat(fd, &sb) == -1) { -- ERR(sh, "Unable to stat %s\n", path); -+ ERR(sh, "Unable to stat %s.", path); - retval = -1; - goto out_close; - } - - if (sb.st_size != (off_t)CHECKSUM_CONTENT_SIZE) { - /* Incompatible/invalid hash type - just force a rebuild. */ -- WARN(sh, "Module checksum invalid - forcing a rebuild\n"); -+ WARN(sh, "Module checksum invalid - forcing a rebuild."); - retval = 1; - goto out_close; - } - - data = mmap(NULL, CHECKSUM_CONTENT_SIZE, PROT_READ, MAP_PRIVATE, fd, 0); - if (data == MAP_FAILED) { -- ERR(sh, "Unable to mmap %s\n", path); -+ ERR(sh, "Unable to mmap %s.", path); - retval = -1; - goto out_close; - } -@@ -1194,7 +1190,7 @@ static int semanage_direct_commit(semanage_handle_t * sh) - /* The file does not exist */ - do_rebuild |= (sepol_get_disable_dontaudit(sh->sepolh) == 1); - } else { -- ERR(sh, "Unable to access %s: %s\n", path, strerror(errno)); -+ ERR(sh, "Unable to access %s.", path); - retval = -1; - goto cleanup; - } -@@ -1225,7 +1221,7 @@ static int semanage_direct_commit(semanage_handle_t * sh) - /* The file does not exist */ - do_rebuild |= (sepol_get_preserve_tunables(sh->sepolh) == 1); - } else { -- ERR(sh, "Unable to access %s: %s\n", path, strerror(errno)); -+ ERR(sh, "Unable to access %s.", path); - retval = -1; - goto cleanup; - } -@@ -1261,7 +1257,7 @@ static int semanage_direct_commit(semanage_handle_t * sh) - path = semanage_path(SEMANAGE_TMP, semanage_computed_files[i]); - if (stat(path, &sb) != 0) { - if (errno != ENOENT) { -- ERR(sh, "Unable to access %s: %s\n", path, strerror(errno)); -+ ERR(sh, "Unable to access %s.", path); - retval = -1; - goto cleanup; - } -@@ -1285,7 +1281,7 @@ static int semanage_direct_commit(semanage_handle_t * sh) - retval = semanage_compile_hll_modules(sh, modinfos, num_modinfos, - modules_checksum); - if (retval < 0) { -- ERR(sh, "Failed to compile hll files into 
cil files.\n"); -+ ERR(sh, "Failed to compile hll files into cil files."); - goto cleanup; - } - -@@ -1298,7 +1294,7 @@ static int semanage_direct_commit(semanage_handle_t * sh) - - retval = semanage_write_modules_checksum(sh, modules_checksum); - if (retval < 0) { -- ERR(sh, "Failed to write module checksum file.\n"); -+ ERR(sh, "Failed to write module checksum file."); - goto cleanup; - } - } -@@ -1419,7 +1415,7 @@ static int semanage_direct_commit(semanage_handle_t * sh) - /* The file does not exist */ - pseusers->dtable->clear(sh, pseusers->dbase); - } else { -- ERR(sh, "Unable to access %s: %s\n", path, strerror(errno)); -+ ERR(sh, "Unable to access %s.", path); - retval = -1; - goto cleanup; - } -@@ -1707,13 +1703,13 @@ static int semanage_direct_install_file(semanage_handle_t * sh, - - retval = map_compressed_file(sh, install_filename, &contents); - if (retval < 0) { -- ERR(sh, "Unable to read file %s\n", install_filename); -+ ERR(sh, "Unable to read file %s", install_filename); - goto cleanup; - } - - path = strdup(install_filename); - if (path == NULL) { -- ERR(sh, "No memory available for strdup.\n"); -+ ERR(sh, "No memory available for strdup."); - retval = -1; - goto cleanup; - } -@@ -1754,12 +1750,12 @@ static int semanage_direct_install_file(semanage_handle_t * sh, - if (module_name == NULL) { - module_name = strdup(filename); - if (module_name == NULL) { -- ERR(sh, "No memory available for module_name.\n"); -+ ERR(sh, "No memory available for module_name."); - retval = -1; - goto cleanup; - } - } else if (strcmp(module_name, filename) != 0) { -- fprintf(stderr, "Warning: SELinux userspace will refer to the module from %s as %s rather than %s\n", install_filename, module_name, filename); -+ ERR(sh, "Warning: SELinux userspace will refer to the module from %s as %s rather than %s\n", install_filename, module_name, filename); - } - - retval = semanage_direct_install(sh, contents.data, contents.len, -@@ -1800,7 +1796,7 @@ static int 
semanage_direct_extract(semanage_handle_t * sh, - } - - if (stat(module_path, &sb) != 0) { -- ERR(sh, "Unable to access %s: %s\n", module_path, strerror(errno)); -+ ERR(sh, "Unable to access %s.", module_path); - rc = -1; - goto cleanup; - } -@@ -1831,7 +1827,7 @@ static int semanage_direct_extract(semanage_handle_t * sh, - - if (extract_cil == 1 && strcmp(_modinfo->lang_ext, "cil") && stat(input_file, &sb) != 0) { - if (errno != ENOENT) { -- ERR(sh, "Unable to access %s: %s\n", input_file, strerror(errno)); -+ ERR(sh, "Unable to access %s.", input_file); - rc = -1; - goto cleanup; - } -@@ -1996,7 +1992,7 @@ static int semanage_direct_get_enabled(semanage_handle_t *sh, - - if (stat(path, &sb) < 0) { - if (errno != ENOENT) { -- ERR(sh, "Unable to access %s: %s\n", path, strerror(errno)); -+ ERR(sh, "Unable to access %s.", path); - status = -1; - goto cleanup; - } -@@ -2329,7 +2325,7 @@ static int semanage_direct_get_module_info(semanage_handle_t *sh, - /* set enabled/disabled status */ - if (stat(fn, &sb) < 0) { - if (errno != ENOENT) { -- ERR(sh, "Unable to access %s: %s\n", fn, strerror(errno)); -+ ERR(sh, "Unable to access %s.", fn); - status = -1; - goto cleanup; - } -@@ -2758,7 +2754,7 @@ static int semanage_direct_install_info(semanage_handle_t *sh, - /* validate module info */ - ret = semanage_module_info_validate(modinfo); - if (ret != 0) { -- ERR(sh, "%s failed module validation.\n", modinfo->name); -+ ERR(sh, "%s failed module validation.", modinfo->name); - status = -2; - goto cleanup; - } -@@ -2846,7 +2842,7 @@ static int semanage_direct_install_info(semanage_handle_t *sh, - if (stat(path, &sb) == 0) { - ret = unlink(path); - if (ret != 0) { -- ERR(sh, "Error while removing cached CIL file %s: %s", path, strerror(errno)); -+ ERR(sh, "Error while removing cached CIL file %s.", path); - status = -3; - goto cleanup; - } -diff --git a/src/genhomedircon.c b/src/genhomedircon.c -index 230015c..9f128d9 100644 ---- a/src/genhomedircon.c -+++ 
b/src/genhomedircon.c -@@ -1105,7 +1105,7 @@ static int get_group_users(genhomedircon_settings_t * s, - goto cleanup; - - if (group == NULL) { -- ERR(s->h_semanage, "Can't find group named %s\n", grname); -+ ERR(s->h_semanage, "Can't find group named %s", grname); - goto cleanup; - } - -diff --git a/src/handle.c b/src/handle.c -index 710d922..7f99c4e 100644 ---- a/src/handle.c -+++ b/src/handle.c -@@ -153,7 +153,7 @@ int semanage_get_hll_compiler_path(semanage_handle_t *sh, - - lower_lang_ext = strdup(lang_ext); - if (lower_lang_ext == NULL) { -- ERR(sh, "Could not create copy of lang_ext. Out of memory.\n"); -+ ERR(sh, "Could not create copy of lang_ext. Out of memory."); - status = -1; - goto cleanup; - } -diff --git a/src/parse_utils.c b/src/parse_utils.c -index 13837c8..cf7f7df 100644 ---- a/src/parse_utils.c -+++ b/src/parse_utils.c -@@ -47,8 +47,8 @@ int parse_open(semanage_handle_t * handle, parse_info_t * info) - - info->file_stream = fopen(info->filename, "re"); - if (!info->file_stream && (errno != ENOENT)) { -- ERR(handle, "could not open file %s: %s", -- info->filename, strerror(errno)); -+ ERR(handle, "could not open file %s.", -+ info->filename); - return STATUS_ERR; - } - if (info->file_stream) -diff --git a/src/semanage_store.c b/src/semanage_store.c -index 69d2f70..8c7bc31 100644 ---- a/src/semanage_store.c -+++ b/src/semanage_store.c -@@ -1590,7 +1590,7 @@ static int sefcontext_compile(semanage_handle_t * sh, const char *path) { - - if (stat(path, &sb) < 0) { - if (errno != ENOENT) { -- ERR(sh, "Unable to access %s: %s\n", path, strerror(errno)); -+ ERR(sh, "Unable to access %s.", path); - return -1; - } - -@@ -1777,11 +1777,11 @@ static int semanage_commit_sandbox(semanage_handle_t * sh) - /* sync changes in sandbox to filesystem */ - fd = open(sandbox, O_DIRECTORY | O_CLOEXEC); - if (fd == -1) { -- ERR(sh, "Error while opening %s for syncfs(): %d", sandbox, errno); -+ ERR(sh, "Error while opening %s for syncfs().", sandbox); - return -1; - } - 
if (syncfs(fd) == -1) { -- ERR(sh, "Error while syncing %s to filesystem: %d", sandbox, errno); -+ ERR(sh, "Error while syncing %s to filesystem.", sandbox); - close(fd); - return -1; - } --- -2.33.0 - diff --git a/backport-libsemanage-fix-asprintf-error-branch.patch b/backport-libsemanage-fix-asprintf-error-branch.patch deleted file mode 100644 index 6ccf043b97da28eb89649ee3736bf048d4826f94..0000000000000000000000000000000000000000 --- a/backport-libsemanage-fix-asprintf-error-branch.patch +++ /dev/null @@ -1,40 +0,0 @@ -From 44f1323941cd3053e2cd5cdd6995667feca5fb52 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Christian=20G=C3=B6ttsche?= -Date: Mon, 11 Nov 2024 15:16:37 +0100 -Subject: [PATCH] libsemanage: fix asprintf error branch -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -The content of the first argument after a failure of asprintf(3) is -undefined and must not be used. - -Signed-off-by: Christian Göttsche -Acked-by: James Carter - -Conflict:NA -Reference:https://github.com/SELinuxProject/selinux/commit/44f1323941cd3053e2cd5cdd6995667feca5fb52 - ---- - src/boolean_record.c | 4 +++- - 1 file changed, 3 insertions(+), 1 deletion(-) - -diff --git a/src/boolean_record.c b/src/boolean_record.c -index 40dc6545..7878b04d 100644 ---- a/src/boolean_record.c -+++ b/src/boolean_record.c -@@ -107,8 +107,10 @@ int semanage_bool_set_name(semanage_handle_t * handle, - end++; - *end = '\0'; - rc = asprintf(&newroot, "%s%s%s", prefix, olddir, storename); -- if (rc < 0) -+ if (rc < 0) { -+ newroot = NULL; - goto out; -+ } - - if (strcmp(oldroot, newroot)) { - rc = selinux_set_policy_root(newroot); --- -2.33.0 - diff --git a/backport-libsemanage-fix-swig-bindings-for-4.3.0.patch b/backport-libsemanage-fix-swig-bindings-for-4.3.0.patch deleted file mode 100644 index 56cbe3b4a99744c558a218cf9f04529ae66c0dd7..0000000000000000000000000000000000000000 --- a/backport-libsemanage-fix-swig-bindings-for-4.3.0.patch +++ /dev/null 
@@ -1,414 +0,0 @@ -From e38815d7b44cac435195c82a54d2bf2517bc4b1a Mon Sep 17 00:00:00 2001 -From: Petr Lautrbach -Date: Wed, 16 Oct 2024 20:48:12 +0200 -Subject: [PATCH] libsemanage: fix swig bindings for 4.3.0 - -https://github.com/swig/swig/blob/master/CHANGES.current - -"[Python] #2907 Fix returning null from functions with output -parameters. Ensures OUTPUT and INOUT typemaps are handled -consistently wrt return type. - -New declaration of SWIG_Python_AppendOutput is now: - - SWIG_Python_AppendOutput(PyObject* result, PyObject* obj, int is_void); - -The 3rd parameter is new and the new $isvoid special variable -should be passed to it, indicating whether or not the wrapped -function returns void. - -Also consider replacing with: - - SWIG_AppendOutput(PyObject* result, PyObject* obj); - -which calls SWIG_Python_AppendOutput with same parameters but adding $isvoid -for final parameter." - -Fixes: https://github.com/SELinuxProject/selinux/issues/447 - -Suggested-by: Jitka Plesnikova -Signed-off-by: Petr Lautrbach -Acked-by: James Carter ---- - src/semanageswig_python.i | 64 +++++++++++++-------------- - src/semanageswig_ruby.i | 32 +++++++------- - 2 files changed, 48 insertions(+), 48 deletions(-) - -diff --git a/src/semanageswig_python.i b/src/semanageswig_python.i -index 5f01139669..0e27424f4d 100644 ---- a/src/semanageswig_python.i -+++ b/src/semanageswig_python.i -@@ -111,7 +111,7 @@ - } - - %typemap(argout) char** { -- $result = SWIG_Python_AppendOutput($result, SWIG_FromCharPtr(*$1)); -+ $result = SWIG_AppendOutput($result, SWIG_FromCharPtr(*$1)); - free(*$1); - } - -@@ -134,7 +134,7 @@ - NULL, NULL, &plist) < 0) - $result = SWIG_From_int(STATUS_ERR); - else -- $result = SWIG_Python_AppendOutput($result, plist); -+ $result = SWIG_AppendOutput($result, plist); - } - } - } -@@ -148,7 +148,7 @@ - } - - %typemap(argout) semanage_module_info_t ** { -- $result = SWIG_Python_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0)); -+ $result = 
SWIG_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0)); - } - - /** module key typemaps **/ -@@ -160,7 +160,7 @@ - } - - %typemap(argout) semanage_module_key_t ** { -- $result = SWIG_Python_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0)); -+ $result = SWIG_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0)); - } - - /** context typemaps **/ -@@ -172,7 +172,7 @@ - } - - %typemap(argout) semanage_context_t** { -- $result = SWIG_Python_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0)); -+ $result = SWIG_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0)); - } - - /** boolean typemaps **/ -@@ -197,7 +197,7 @@ - (void (*) (void*)) &semanage_bool_free, &plist) < 0) - $result = SWIG_From_int(STATUS_ERR); - else -- $result = SWIG_Python_AppendOutput($result, plist); -+ $result = SWIG_AppendOutput($result, plist); - } - } - } -@@ -207,11 +207,11 @@ - } - - %typemap(argout) semanage_bool_t ** { -- $result = SWIG_Python_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0)); -+ $result = SWIG_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0)); - } - - %typemap(argout) semanage_bool_key_t ** { -- $result = SWIG_Python_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0)); -+ $result = SWIG_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0)); - } - - %typemap(in, numinputs=0) semanage_bool_key_t **(semanage_bool_key_t *temp=NULL) { -@@ -240,7 +240,7 @@ - (void (*) (void*)) &semanage_fcontext_free, &plist) < 0) - $result = SWIG_From_int(STATUS_ERR); - else -- $result = SWIG_Python_AppendOutput($result, plist); -+ $result = SWIG_AppendOutput($result, plist); - } - } - } -@@ -250,11 +250,11 @@ - } - - %typemap(argout) semanage_fcontext_t ** { -- $result = SWIG_Python_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0)); -+ $result = SWIG_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0)); - } - - %typemap(argout) 
semanage_fcontext_key_t ** { -- $result = SWIG_Python_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0)); -+ $result = SWIG_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0)); - } - - %typemap(in, numinputs=0) semanage_fcontext_key_t **(semanage_fcontext_key_t *temp=NULL) { -@@ -284,7 +284,7 @@ - (void (*) (void*)) &semanage_iface_free, &plist) < 0) - $result = SWIG_From_int(STATUS_ERR); - else -- $result = SWIG_Python_AppendOutput($result, plist); -+ $result = SWIG_AppendOutput($result, plist); - } - } - } -@@ -294,11 +294,11 @@ - } - - %typemap(argout) semanage_iface_t ** { -- $result = SWIG_Python_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0)); -+ $result = SWIG_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0)); - } - - %typemap(argout) semanage_iface_key_t ** { -- $result = SWIG_Python_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0)); -+ $result = SWIG_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0)); - } - - %typemap(in, numinputs=0) semanage_iface_key_t **(semanage_iface_key_t *temp=NULL) { -@@ -328,7 +328,7 @@ - (void (*) (void*)) &semanage_seuser_free, &plist) < 0) - $result = SWIG_From_int(STATUS_ERR); - else -- $result = SWIG_Python_AppendOutput($result, plist); -+ $result = SWIG_AppendOutput($result, plist); - } - } - } -@@ -338,11 +338,11 @@ - } - - %typemap(argout) semanage_seuser_t ** { -- $result = SWIG_Python_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0)); -+ $result = SWIG_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0)); - } - - %typemap(argout) semanage_seuser_key_t ** { -- $result = SWIG_Python_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0)); -+ $result = SWIG_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0)); - } - - %typemap(in, numinputs=0) semanage_seuser_key_t **(semanage_seuser_key_t *temp=NULL) { -@@ -371,7 +371,7 @@ - (void (*) (void*)) &semanage_user_free, &plist) < 0) - 
$result = SWIG_From_int(STATUS_ERR); - else -- $result = SWIG_Python_AppendOutput($result, plist); -+ $result = SWIG_AppendOutput($result, plist); - } - } - } -@@ -381,11 +381,11 @@ - } - - %typemap(argout) semanage_user_t ** { -- $result = SWIG_Python_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0)); -+ $result = SWIG_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0)); - } - - %typemap(argout) semanage_user_key_t ** { -- $result = SWIG_Python_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0)); -+ $result = SWIG_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0)); - } - - %typemap(in, numinputs=0) semanage_user_key_t **(semanage_user_key_t *temp=NULL) { -@@ -414,7 +414,7 @@ - (void (*) (void*)) &semanage_port_free, &plist) < 0) - $result = SWIG_From_int(STATUS_ERR); - else -- $result = SWIG_Python_AppendOutput($result, plist); -+ $result = SWIG_AppendOutput($result, plist); - } - } - } -@@ -424,11 +424,11 @@ - } - - %typemap(argout) semanage_port_t ** { -- $result = SWIG_Python_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0)); -+ $result = SWIG_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0)); - } - - %typemap(argout) semanage_port_key_t ** { -- $result = SWIG_Python_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0)); -+ $result = SWIG_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0)); - } - - %typemap(in, numinputs=0) semanage_port_key_t **(semanage_port_key_t *temp=NULL) { -@@ -457,7 +457,7 @@ - (void (*) (void*)) &semanage_ibpkey_free, &plist) < 0) - $result = SWIG_From_int(STATUS_ERR); - else -- $result = SWIG_Python_AppendOutput($result, plist); -+ $result = SWIG_AppendOutput($result, plist); - } - } - } -@@ -467,11 +467,11 @@ - } - - %typemap(argout) semanage_ibpkey_t ** { -- $result = SWIG_Python_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0)); -+ $result = SWIG_AppendOutput($result, SWIG_NewPointerObj(*$1, 
$*1_descriptor, 0)); - } - - %typemap(argout) semanage_ibpkey_key_t ** { -- $result = SWIG_Python_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0)); -+ $result = SWIG_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0)); - } - - %typemap(in, numinputs=0) semanage_ibpkey_key_t **(semanage_ibpkey_key_t *temp=NULL) { -@@ -500,7 +500,7 @@ - (void (*) (void*)) &semanage_ibendport_free, &plist) < 0) - $result = SWIG_From_int(STATUS_ERR); - else -- $result = SWIG_Python_AppendOutput($result, plist); -+ $result = SWIG_AppendOutput($result, plist); - } - } - } -@@ -510,11 +510,11 @@ - } - - %typemap(argout) semanage_ibendport_t ** { -- $result = SWIG_Python_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0)); -+ $result = SWIG_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0)); - } - - %typemap(argout) semanage_ibendport_key_t ** { -- $result = SWIG_Python_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0)); -+ $result = SWIG_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0)); - } - - %typemap(in, numinputs=0) semanage_ibendport_key_t **(semanage_ibendport_key_t *temp=NULL) { -@@ -543,7 +543,7 @@ - (void (*) (void*)) &semanage_node_free, &plist) < 0) - $result = SWIG_From_int(STATUS_ERR); - else -- $result = SWIG_Python_AppendOutput($result, plist); -+ $result = SWIG_AppendOutput($result, plist); - } - } - } -@@ -553,12 +553,12 @@ - } - - %typemap(argout) semanage_node_t ** { -- $result = SWIG_Python_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0)); -+ $result = SWIG_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0)); - } - - - %typemap(argout) semanage_node_key_t ** { -- $result = SWIG_Python_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0)); -+ $result = SWIG_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0)); - } - - %typemap(in, numinputs=0) semanage_node_key_t **(semanage_node_key_t *temp=NULL) { -diff --git 
a/src/semanageswig_ruby.i b/src/semanageswig_ruby.i -index e030e4aea7..9010b5456b 100644 ---- a/src/semanageswig_ruby.i -+++ b/src/semanageswig_ruby.i -@@ -38,7 +38,7 @@ - } - - %typemap(argout) semanage_module_info_t ** { -- $result = SWIG_Ruby_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0)); -+ $result = SWIG_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0)); - } - - /** context typemaps **/ -@@ -50,7 +50,7 @@ - } - - %typemap(argout) semanage_context_t** { -- $result = SWIG_Ruby_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0)); -+ $result = SWIG_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0)); - } - - /** boolean typemaps **/ -@@ -66,11 +66,11 @@ - } - - %typemap(argout) semanage_bool_t ** { -- $result = SWIG_Ruby_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0)); -+ $result = SWIG_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0)); - } - - %typemap(argout) semanage_bool_key_t ** { -- $result = SWIG_Ruby_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0)); -+ $result = SWIG_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0)); - } - - %typemap(in, numinputs=0) semanage_bool_key_t **(semanage_bool_key_t *temp=NULL) { -@@ -90,11 +90,11 @@ - } - - %typemap(argout) semanage_fcontext_t ** { -- $result = SWIG_Ruby_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0)); -+ $result = SWIG_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0)); - } - - %typemap(argout) semanage_fcontext_key_t ** { -- $result = SWIG_Ruby_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0)); -+ $result = SWIG_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0)); - } - - %typemap(in, numinputs=0) semanage_fcontext_key_t **(semanage_fcontext_key_t *temp=NULL) { -@@ -114,11 +114,11 @@ - } - - %typemap(argout) semanage_iface_t ** { -- $result = SWIG_Ruby_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0)); 
-+ $result = SWIG_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0)); - } - - %typemap(argout) semanage_iface_key_t ** { -- $result = SWIG_Ruby_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0)); -+ $result = SWIG_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0)); - } - - %typemap(in, numinputs=0) semanage_iface_key_t **(semanage_iface_key_t *temp=NULL) { -@@ -138,11 +138,11 @@ - } - - %typemap(argout) semanage_seuser_t ** { -- $result = SWIG_Ruby_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0)); -+ $result = SWIG_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0)); - } - - %typemap(argout) semanage_seuser_key_t ** { -- $result = SWIG_Ruby_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0)); -+ $result = SWIG_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0)); - } - - %typemap(in, numinputs=0) semanage_seuser_key_t **(semanage_seuser_key_t *temp=NULL) { -@@ -162,11 +162,11 @@ - } - - %typemap(argout) semanage_user_t ** { -- $result = SWIG_Ruby_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0)); -+ $result = SWIG_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0)); - } - - %typemap(argout) semanage_user_key_t ** { -- $result = SWIG_Ruby_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0)); -+ $result = SWIG_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0)); - } - - %typemap(in, numinputs=0) semanage_user_key_t **(semanage_user_key_t *temp=NULL) { -@@ -186,11 +186,11 @@ - } - - %typemap(argout) semanage_port_t ** { -- $result = SWIG_Ruby_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0)); -+ $result = SWIG_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0)); - } - - %typemap(argout) semanage_port_key_t ** { -- $result = SWIG_Ruby_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0)); -+ $result = SWIG_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 
0)); - } - - %typemap(in, numinputs=0) semanage_port_key_t **(semanage_port_key_t *temp=NULL) { -@@ -210,12 +210,12 @@ - } - - %typemap(argout) semanage_node_t ** { -- $result = SWIG_Ruby_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0)); -+ $result = SWIG_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0)); - } - - - %typemap(argout) semanage_node_key_t ** { -- $result = SWIG_Ruby_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0)); -+ $result = SWIG_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0)); - } - - %typemap(in, numinputs=0) semanage_node_key_t **(semanage_node_key_t *temp=NULL) { diff --git a/backport-libsemanage-free-ibdev-names-in-semanage_ibendport_v.patch b/backport-libsemanage-free-ibdev-names-in-semanage_ibendport_v.patch deleted file mode 100644 index 447aae8fe5685d9ae4f1bf3c29f792d58f406aa6..0000000000000000000000000000000000000000 --- a/backport-libsemanage-free-ibdev-names-in-semanage_ibendport_v.patch +++ /dev/null 
@@ -1,73 +0,0 @@ -From 61856379a15a7ed311a7bc55178407d53e553d3a Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Christian=20G=C3=B6ttsche?= -Date: Mon, 11 Nov 2024 15:16:41 +0100 -Subject: [PATCH] libsemanage: free ibdev names in - semanage_ibendport_validate_local() -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -Signed-off-by: Christian Göttsche -Acked-by: James Carter - -Conflict:NA -Reference:https://github.com/SELinuxProject/selinux/commit/61856379a15a7ed311a7bc55178407d53e553d3a - ---- - src/ibendports_local.c | 12 ++++++++++-- - 1 file changed, 10 insertions(+), 2 deletions(-) - -diff --git a/src/ibendports_local.c b/src/ibendports_local.c -index e696fdca..feebfa63 100644 ---- a/src/ibendports_local.c -+++ b/src/ibendports_local.c -@@ -80,8 +80,8 @@ int semanage_ibendport_validate_local(semanage_handle_t *handle) - semanage_ibendport_t **ibendports = NULL; - unsigned int nibendports = 0; - unsigned int i = 0, j = 0; -- char *ibdev_name; -- char *ibdev_name2; -+ char *ibdev_name = NULL; -+ char *ibdev_name2 = NULL; - int port; - int port2; - -@@ -97,6 +97,8 @@ int semanage_ibendport_validate_local(semanage_handle_t *handle) - while (i < nibendports) { - int stop = 0; - -+ free(ibdev_name); -+ ibdev_name = NULL; - if (STATUS_SUCCESS != - semanage_ibendport_get_ibdev_name(handle, - ibendports[i], -@@ -114,6 +116,8 @@ int semanage_ibendport_validate_local(semanage_handle_t *handle) - if (j == nibendports - 1) - goto next; - j++; -+ free(ibdev_name2); -+ ibdev_name2 = NULL; - if (STATUS_SUCCESS != - semanage_ibendport_get_ibdev_name(handle, - ibendports[j], -@@ -136,6 +140,8 @@ next: - j = i; - } - -+ free(ibdev_name); -+ free(ibdev_name2); - for (i = 0; i < nibendports; i++) - semanage_ibendport_free(ibendports[i]); - free(ibendports); -@@ -145,6 +151,8 @@ err: - ERR(handle, "could not complete ibendports validity check"); - - invalid: -+ free(ibdev_name); -+ free(ibdev_name2); - for (i = 0; i < nibendports; i++) - 
semanage_ibendport_free(ibendports[i]); - free(ibendports); --- -2.33.0 - diff --git a/backport-libsemanage-free-resources-on-failed-connect-attempt.patch b/backport-libsemanage-free-resources-on-failed-connect-attempt.patch deleted file mode 100644 index 9e40f57c208bb168530efef43430e87c435a9a72..0000000000000000000000000000000000000000 --- a/backport-libsemanage-free-resources-on-failed-connect-attempt.patch +++ /dev/null 
@@ -1,115 +0,0 @@ -From e6d03452223c2404b9cfd04855ac8fca556e409d Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Christian=20G=C3=B6ttsche?= -Date: Mon, 11 Nov 2024 15:16:32 +0100 -Subject: [PATCH] libsemanage: free resources on failed connect attempt -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -In case connecting to the semanage database fails, free all already -allocated resources. - -Signed-off-by: Christian Göttsche -Acked-by: James Carter - -Conflict:NA -Reference:https://github.com/SELinuxProject/selinux/commit/e6d03452223c2404b9cfd04855ac8fca556e409d - ---- - src/database_activedb.c | 3 +++ - src/database_file.c | 3 +++ - src/database_join.c | 3 +++ - src/database_policydb.c | 2 +- - src/direct_api.c | 1 + - src/handle.c | 5 ++--- - 6 files changed, 13 insertions(+), 4 deletions(-) - -diff --git a/src/database_activedb.c b/src/database_activedb.c -index fa6b6105..e0369963 100644 ---- a/src/database_activedb.c -+++ b/src/database_activedb.c -@@ -139,6 +139,9 @@ int dbase_activedb_init(semanage_handle_t * handle, - void dbase_activedb_release(dbase_activedb_t * dbase) - { - -+ if (!dbase) -+ return; -+ - dbase_llist_drop_cache(&dbase->llist); - free(dbase); - } -diff --git a/src/database_file.c b/src/database_file.c -index a7773fb5..09b32f8f 100644 ---- a/src/database_file.c -+++ b/src/database_file.c -@@ -191,6 +191,9 @@ int dbase_file_init(semanage_handle_t * handle, - void dbase_file_release(dbase_file_t * dbase) - { - -+ if (!dbase) -+ return; -+ - dbase_llist_drop_cache(&dbase->llist); - free(dbase); - } -diff --git a/src/database_join.c b/src/database_join.c -index 2a2008e8..bf260952 100644 ---- a/src/database_join.c -+++ b/src/database_join.c -@@ -271,6 +271,9 @@ int dbase_join_init(semanage_handle_t * handle, - void dbase_join_release(dbase_join_t * dbase) - { - -+ if (!dbase) -+ return; -+ - dbase_llist_drop_cache(&dbase->llist); - free(dbase); - } -diff --git a/src/database_policydb.c 
b/src/database_policydb.c -index 95418365..54b82958 100644 ---- a/src/database_policydb.c -+++ b/src/database_policydb.c -@@ -44,7 +44,7 @@ struct dbase_policydb { - static void dbase_policydb_drop_cache(dbase_policydb_t * dbase) - { - -- if (dbase->cache_serial >= 0) { -+ if (dbase && dbase->cache_serial >= 0) { - sepol_policydb_free(dbase->policydb); - dbase->cache_serial = -1; - dbase->modified = 0; -diff --git a/src/direct_api.c b/src/direct_api.c -index 8f8dc0da..ed4343dc 100644 ---- a/src/direct_api.c -+++ b/src/direct_api.c -@@ -321,6 +321,7 @@ int semanage_direct_connect(semanage_handle_t * sh) - - err: - ERR(sh, "could not establish direct connection"); -+ (void) semanage_direct_disconnect(sh); - return STATUS_ERR; - } - -diff --git a/src/handle.c b/src/handle.c -index f048f6d7..9bb84546 100644 ---- a/src/handle.c -+++ b/src/handle.c -@@ -361,12 +361,11 @@ int semanage_access_check(semanage_handle_t * sh) - - int semanage_disconnect(semanage_handle_t * sh) - { -- assert(sh != NULL && sh->funcs != NULL -- && sh->funcs->disconnect != NULL); -+ assert(sh != NULL); - if (!sh->is_connected) { - return 0; - } -- if (sh->funcs->disconnect(sh) < 0) { -+ if (sh->funcs && sh->funcs->disconnect(sh) < 0) { - return -1; - } - sh->is_in_transaction = 0; --- -2.33.0 - diff --git a/backport-libsemanage-handle-cil_set_handle_unknown-failure.patch b/backport-libsemanage-handle-cil_set_handle_unknown-failure.patch deleted file mode 100644 index 7054ea37b4358b9782420f96c1a177d218b15270..0000000000000000000000000000000000000000 --- a/backport-libsemanage-handle-cil_set_handle_unknown-failure.patch +++ /dev/null 
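Review bot: In the handle.c hunk of this backport, `semanage_disconnect()` now guards only `sh->funcs`, whereas the assert it replaces also required `sh->funcs->disconnect != NULL`, so a function table with an unset `disconnect` member would be called through a null pointer. Whether such a table can exist is not visible here; `if (sh->funcs && sh->funcs->disconnect && sh->funcs->disconnect(sh) < 0) {` keeps the old guarantee without aborting. The new `(void) semanage_direct_disconnect(sh);` on the `err:` path of `semanage_direct_connect()` deserves a one-line comment saying that disconnect must tolerate a partially initialised handle, since that is the reason for the `!dbase` guards added to the release functions. Both functions continue outside their hunks.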
@@ -1,35 +0,0 @@ -From 419a76e65693affcf89746fe9b9ad20c62e541bb Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Christian=20G=C3=B6ttsche?= -Date: Mon, 25 Nov 2024 12:18:33 +0100 -Subject: [PATCH] libsemanage: handle cil_set_handle_unknown() failure -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -Signed-off-by: Christian Göttsche - -Conflict:Context adaptation -Reference:https://github.com/SELinuxProject/selinux/commit/419a76e65693affcf89746fe9b9ad20c62e541bb - ---- - src/direct_api.c | 4 +++- - 1 file changed, 3 insertions(+), 1 deletion(-) - -diff --git a/src/direct_api.c b/src/direct_api.c -index 85876676..a271a576 100644 ---- a/src/direct_api.c -+++ b/src/direct_api.c -@@ -1417,7 +1417,9 @@ rebuild: - cil_set_policy_version(cildb, sh->conf->policyvers); - - if (sh->conf->handle_unknown != -1) { -- cil_set_handle_unknown(cildb, sh->conf->handle_unknown); -+ retval = cil_set_handle_unknown(cildb, sh->conf->handle_unknown); -+ if (retval < 0) -+ goto cleanup; - } - - retval = semanage_load_files(sh, cildb, mod_filenames, num_modinfos); --- -2.33.0 - diff --git a/backport-libsemanage-handle-shell-allocation-failure.patch b/backport-libsemanage-handle-shell-allocation-failure.patch deleted file mode 100644 index 4cf17a8b9e8657c9525dfa923655e54b9f82ae8c..0000000000000000000000000000000000000000 --- a/backport-libsemanage-handle-shell-allocation-failure.patch +++ /dev/null 
@@ -1,47 +0,0 @@ -From 9bde761fcb912fded145a16de767afe8a8a3977f Mon Sep 17 00:00:00 2001 -From: Christian Göttsche -Date: Fri, 18 Apr 2025 11:47:37 +0800 -Subject: [PATCH] libsemanage-handle-shell-allocation-failure - -Reference:https://github.com/SELinuxProject/selinux/commit/dcd755abdde87abdbb43855b7b1bc28d56a21c51 - ---- - src/genhomedircon.c | 8 ++++++-- - 1 file changed, 6 insertions(+), 2 deletions(-) - -diff --git a/src/genhomedircon.c b/src/genhomedircon.c -index b35d7ba..230015c 100644 ---- a/src/genhomedircon.c -+++ b/src/genhomedircon.c -@@ -228,7 +228,7 @@ static semanage_list_t *get_shell_list(void) - free(temp); - semanage_list_destroy(&list); - fclose(shells); -- return default_shell_list(); -+ return NULL; - } - } - } -@@ -333,14 +333,18 @@ static semanage_list_t *get_home_dirs(genhomedircon_settings_t * s) - return homedir_list; - - shells = get_shell_list(); -- assert(shells); - -+ if (!shells) { -+ ERR(s->h_semanage, "Allocation failure!"); -+ goto fail; -+ } - path = semanage_findval(PATH_ETC_LOGIN_DEFS, "UID_MIN", NULL); - if (path && *path) { - temp = atoi(path); - minuid = temp; - minuid_set = 1; - } -+ - free(path); - path = NULL; - --- -2.33.0 - diff --git a/backport-libsemanage-open-lock_file-with-O_RDWR.patch b/backport-libsemanage-open-lock_file-with-O_RDWR.patch deleted file mode 100644 index b5ed7f05d9574978f10c89b77a0a8bc05541f63a..0000000000000000000000000000000000000000 --- a/backport-libsemanage-open-lock_file-with-O_RDWR.patch +++ /dev/null 
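Review bot: The new `if (!shells)` branch in `get_home_dirs()` reports every NULL return of `get_shell_list()` as "Allocation failure!", but this patch only shows NULL meaning out-of-memory on the one path it changes. If `get_shell_list()` can also return NULL for a shells file with no usable entries (its full body is outside the hunk), the message would point an administrator at the wrong cause. I would log the allocation error where it happens inside `get_shell_list()` and keep the caller neutral, e.g. `ERR(s->h_semanage, "Could not obtain the list of shells.");`. The `fail` label is outside the hunk, so whether it releases `homedir_list` cannot be confirmed from here.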
@@ -1,55 +0,0 @@ -From 267d4f9bf5bce81eaaf2192ea297db0fadc173b9 Mon Sep 17 00:00:00 2001 -From: Petr Lautrbach -Date: Mon, 11 Nov 2024 13:32:50 +0100 -Subject: [PATCH] libsemanage: open lock_file with O_RDWR - -man 2 flock: - Since Linux 2.6.12, NFS clients support flock() locks by emulating - them as fcntl(2) byte-range locks on the entire file. This means - that fcntl(2) and flock() locks do interact with one another - over NFS. It also means that in order to place an exclusive lock, - the file must be opened for writing. - -Fixes: - # semanage fcontext -d -e /home /tmp/testdir - libsemanage.semanage_get_lock: Error obtaining direct transaction lock at /var/lib/selinux/targeted/semanage.trans.LOCK. (Bad file descriptor). - OSError: Bad file descriptor - -Signed-off-by: Petr Lautrbach -Acked-by: James Carter - -Conflict:NA -Reference:https://github.com/SELinuxProject/selinux/commit/267d4f9bf5bce81eaaf2192ea297db0fadc173b9 - ---- - src/semanage_store.c | 14 ++++++-------- - 1 file changed, 6 insertions(+), 8 deletions(-) - -diff --git a/src/semanage_store.c b/src/semanage_store.c -index 0ac2e5b2..c26f5667 100644 ---- a/src/semanage_store.c -+++ b/src/semanage_store.c -@@ -1899,14 +1899,12 @@ static int semanage_get_lock(semanage_handle_t * sh, - struct timeval origtime, curtime; - int got_lock = 0; - -- if ((fd = open(lock_file, O_RDONLY)) == -1) { -- if ((fd = -- open(lock_file, O_RDWR | O_CREAT | O_TRUNC, -- S_IRUSR | S_IWUSR)) == -1) { -- ERR(sh, "Could not open direct %s at %s.", lock_name, -- lock_file); -- return -1; -- } -+ if ((fd = -+ open(lock_file, O_RDWR | O_CREAT | O_TRUNC, -+ S_IRUSR | S_IWUSR)) == -1) { -+ ERR(sh, "Could not open direct %s at %s.", lock_name, -+ lock_file); -+ return -1; - } - if (fcntl(fd, F_SETFD, FD_CLOEXEC) < 0) { - ERR(sh, "Could not set close-on-exec for %s at %s.", lock_name, --- -2.33.0 - 
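Review bot: The single `open()` in `semanage_get_lock()` now passes `O_CREAT | O_TRUNC` on every acquisition and sets close-on-exec only afterwards with `fcntl(fd, F_SETFD, FD_CLOEXEC)`, so each caller truncates an existing lock file and the descriptor can leak into a child exec'd from another thread between the two calls. `O_RDWR` is what the NFS case in the commit message needs, while `O_TRUNC` is not, and `O_CLOEXEC` is already used for the sandbox directory in `semanage_commit_sandbox()` as shown in another patch on this page: `open(lock_file, O_RDWR | O_CREAT | O_CLOEXEC, S_IRUSR | S_IWUSR)`. A caller with read-only access to the store can no longer open the lock at all, which is worth a comment above the call. The rest of the function lies outside the hunk.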
diff --git a/backport-libsemanage-optimize-policy-by-default.patch b/backport-libsemanage-optimize-policy-by-default.patch deleted file mode 100644 index 54c11b84109d6e8c02f979a1c2cbb45ae97250ba..0000000000000000000000000000000000000000 --- a/backport-libsemanage-optimize-policy-by-default.patch +++ /dev/null @@ -1,41 +0,0 @@ -From 22e2743d22ed6159feee1831046872641cd5ad0c Mon Sep 17 00:00:00 2001 -From: Christian Göttsche -Date: Fri, 18 Apr 2025 17:18:02 +0800 -Subject: [PATCH] libsemanage-optimize-policy-by-default - -Reference:https://github.com/SELinuxProject/selinux/commit/66da657a094a725d5f9d8e2441410afaa44bb7f3 - ---- - man/man5/semanage.conf.5 | 2 +- - src/conf-parse.y | 2 +- - 2 files changed, 2 insertions(+), 2 deletions(-) - -diff --git a/man/man5/semanage.conf.5 b/man/man5/semanage.conf.5 -index 380b58b..b043fe5 100644 ---- a/man/man5/semanage.conf.5 -+++ b/man/man5/semanage.conf.5 -@@ -124,7 +124,7 @@ In order to compile the original HLL file into CIL, the same HLL file will need - .TP - .B optimize-policy - When set to "true", the kernel policy will be optimized upon rebuilds. --It can be set to either "true" or "false" and by default it is set to "false". -+It can be set to either "true" or "false" and by default it is set to "true". - - .SH "SEE ALSO" - .TP -diff --git a/src/conf-parse.y b/src/conf-parse.y -index 343fbf8..12f94b7 100644 ---- a/src/conf-parse.y -+++ b/src/conf-parse.y -@@ -364,7 +364,7 @@ static int semanage_conf_init(semanage_conf_t * conf) - conf->bzip_small = 0; - conf->ignore_module_cache = 0; - conf->remove_hll = 0; -- conf->optimize_policy = 0; -+ conf->optimize_policy = 1; - - conf->save_previous = 0; - conf->save_linked = 0; --- -2.33.0 - diff --git a/backport-libsemanage-set-O_CLOEXEC-flag-for-file-descriptors.patch b/backport-libsemanage-set-O_CLOEXEC-flag-for-file-descriptors.patch deleted file mode 100644 index 1e2660f0e7ff4c76b476870bc0daa662e0decdf7..0000000000000000000000000000000000000000 
--- a/backport-libsemanage-set-O_CLOEXEC-flag-for-file-descriptors.patch +++ /dev/null 
@@ -1,364 +0,0 @@ -From f1eb41d1061b0aafce406ac6e2352de149d4e641 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Christian=20G=C3=B6ttsche?= -Date: Mon, 25 Nov 2024 12:18:32 +0100 -Subject: [PATCH] libsemanage: set O_CLOEXEC flag for file descriptors -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -Close internal managed file descriptors in case of an concurrent execve. - -Also avoid leaking file descriptors in get_shell_list(). - -Signed-off-by: Christian Göttsche - -Conflict:Context adaptation in compressed_file.c, database_policydb.c and semanage_store.c. - There is no semanage_setfiles() function. -Reference:https://github.com/SELinuxProject/selinux/commit/f1eb41d1061b0aafce406ac6e2352de149d4e641 - ---- - src/compressed_file.c | 4 ++-- - src/conf-parse.y | 2 +- - src/database_file.c | 2 +- - src/database_policydb.c | 2 +- - src/direct_api.c | 20 ++++++++++---------- - src/genhomedircon.c | 8 +++++--- - src/parse_utils.c | 2 +- - src/semanage_store.c | 24 ++++++++++++------------ - src/utilities.c | 2 +- - 9 files changed, 34 insertions(+), 32 deletions(-) - -diff --git a/src/compressed_file.c b/src/compressed_file.c -index e62d2a18..e4a1efb0 100644 ---- a/src/compressed_file.c -+++ b/src/compressed_file.c -@@ -48,7 +48,7 @@ static int bzip(semanage_handle_t *sh, const char *filename, void *data, - size_t len = 0; - FILE *f; - -- if ((f = fopen(filename, "wb")) == NULL) { -+ if ((f = fopen(filename, "wbe")) == NULL) { - return -1; - } - -@@ -177,7 +177,7 @@ int map_compressed_file(semanage_handle_t *sh, const char *path, - int ret = 0, fd = -1; - FILE *file = NULL; - -- fd = open(path, O_RDONLY); -+ fd = open(path, O_RDONLY | O_CLOEXEC); - if (fd == -1) { - ERR(sh, "Unable to open %s\n", path); - return -1; -diff --git a/src/conf-parse.y b/src/conf-parse.y -index d6481359..b2b84892 100644 ---- a/src/conf-parse.y -+++ b/src/conf-parse.y -@@ -468,7 +468,7 @@ semanage_conf_t *semanage_conf_parse(const char *config_filename) 
- if (semanage_conf_init(current_conf) == -1) { - goto cleanup; - } -- if ((semanage_in = fopen(config_filename, "r")) == NULL) { -+ if ((semanage_in = fopen(config_filename, "re")) == NULL) { - /* configuration file does not exist or could not be - * read. THIS IS NOT AN ERROR. just rely on the - * defaults. */ -diff --git a/src/database_file.c b/src/database_file.c -index 42e308d5..a54c5aee 100644 ---- a/src/database_file.c -+++ b/src/database_file.c -@@ -127,7 +127,7 @@ static int dbase_file_flush(semanage_handle_t * handle, dbase_file_t * dbase) - fname = dbase->path[handle->is_in_transaction]; - - mask = umask(0077); -- str = fopen(fname, "w"); -+ str = fopen(fname, "we"); - umask(mask); - if (!str) { - ERR(handle, "could not open %s for writing: %s", -diff --git a/src/database_policydb.c b/src/database_policydb.c -index da64a3ad..62467d15 100644 ---- a/src/database_policydb.c -+++ b/src/database_policydb.c -@@ -111,7 +111,7 @@ static int dbase_policydb_cache(semanage_handle_t * handle, - - /* Try opening file - * ENOENT is not fatal - we just create an empty policydb */ -- fp = fopen(fname, "rb"); -+ fp = fopen(fname, "rbe"); - if (fp == NULL && errno != ENOENT) { - ERR(handle, "could not open %s for reading: %s", - fname, strerror(errno)); -diff --git a/src/direct_api.c b/src/direct_api.c -index d5299796..85876676 100644 ---- a/src/direct_api.c -+++ b/src/direct_api.c -@@ -457,7 +457,7 @@ static int write_file(semanage_handle_t * sh, - int out; - - if ((out = -- open(filename, O_WRONLY | O_CREAT | O_TRUNC, -+ open(filename, O_WRONLY | O_CREAT | O_TRUNC | O_CLOEXEC, - S_IRUSR | S_IWUSR)) == -1) { - ERR(sh, "Could not open %s for writing.", filename); - return -1; -@@ -644,17 +644,17 @@ static int semanage_pipe_data(semanage_handle_t *sh, const char *path, const cha - */ - sigaction(SIGPIPE, &new_signal, &old_signal); - -- retval = pipe(input_fd); -+ retval = pipe2(input_fd, O_CLOEXEC); - if (retval == -1) { - ERR(sh, "Unable to create pipe for input pipe: 
%s\n", strerror(errno)); - goto cleanup; - } -- retval = pipe(output_fd); -+ retval = pipe2(output_fd, O_CLOEXEC); - if (retval == -1) { - ERR(sh, "Unable to create pipe for output pipe: %s\n", strerror(errno)); - goto cleanup; - } -- retval = pipe(err_fd); -+ retval = pipe2(err_fd, O_CLOEXEC); - if (retval == -1) { - ERR(sh, "Unable to create pipe for error pipe: %s\n", strerror(errno)); - goto cleanup; -@@ -826,7 +826,7 @@ static int semanage_direct_write_langext(semanage_handle_t *sh, - goto cleanup; - } - -- fp = fopen(fn, "w"); -+ fp = fopen(fn, "we"); - if (fp == NULL) { - ERR(sh, "Unable to open %s module ext file.", modinfo->name); - ret = -1; -@@ -1077,7 +1077,7 @@ static int semanage_compare_checksum(semanage_handle_t *sh, const char *referenc - int fd, retval; - char *data; - -- fd = open(path, O_RDONLY); -+ fd = open(path, O_RDONLY | O_CLOEXEC); - if (fd == -1) { - if (errno != ENOENT) { - ERR(sh, "Unable to open %s: %s\n", path, strerror(errno)); -@@ -1218,7 +1218,7 @@ static int semanage_direct_commit(semanage_handle_t * sh) - } - if (sepol_get_disable_dontaudit(sh->sepolh) == 1) { - FILE *touch; -- touch = fopen(path, "w"); -+ touch = fopen(path, "we"); - if (touch != NULL) { - if (fclose(touch) != 0) { - ERR(sh, "Error attempting to create disable_dontaudit flag."); -@@ -1250,7 +1250,7 @@ static int semanage_direct_commit(semanage_handle_t * sh) - - if (sepol_get_preserve_tunables(sh->sepolh) == 1) { - FILE *touch; -- touch = fopen(path, "w"); -+ touch = fopen(path, "we"); - if (touch != NULL) { - if (fclose(touch) != 0) { - ERR(sh, "Error attempting to create preserve_tunable flag."); -@@ -2109,7 +2109,7 @@ static int semanage_direct_set_enabled(semanage_handle_t *sh, - switch (enabled) { - case 0: /* disable the module */ - mask = umask(0077); -- fp = fopen(fn, "w"); -+ fp = fopen(fn, "we"); - umask(mask); - - if (fp == NULL) { -@@ -2296,7 +2296,7 @@ static int semanage_direct_get_module_info(semanage_handle_t *sh, - goto cleanup; - } - -- fp = 
fopen(fn, "r"); -+ fp = fopen(fn, "re"); - - if (fp == NULL) { - ERR(sh, -diff --git a/src/genhomedircon.c b/src/genhomedircon.c -index fd2f8a89..53673645 100644 ---- a/src/genhomedircon.c -+++ b/src/genhomedircon.c -@@ -218,7 +218,7 @@ static semanage_list_t *get_shell_list(void) - size_t buff_len = 0; - ssize_t len; - -- shells = fopen(PATH_SHELLS_FILE, "r"); -+ shells = fopen(PATH_SHELLS_FILE, "re"); - if (!shells) - return default_shell_list(); - while ((len = getline(&temp, &buff_len, shells)) > 0) { -@@ -227,11 +227,13 @@ static semanage_list_t *get_shell_list(void) - if (semanage_list_push(&list, temp)) { - free(temp); - semanage_list_destroy(&list); -+ fclose(shells); - return default_shell_list(); - } - } - } - free(temp); -+ fclose(shells); - - return list; - } -@@ -503,7 +505,7 @@ static semanage_list_t *make_template(genhomedircon_settings_t * s, - FILE *template_file = NULL; - semanage_list_t *template_data = NULL; - -- template_file = fopen(s->homedir_template_path, "r"); -+ template_file = fopen(s->homedir_template_path, "re"); - if (!template_file) - return NULL; - template_data = semanage_slurp_file_filter(template_file, pred); -@@ -1413,7 +1415,7 @@ int semanage_genhomedircon(semanage_handle_t * sh, - s.h_semanage = sh; - s.policydb = policydb; - -- if (!(out = fopen(s.fcfilepath, "w"))) { -+ if (!(out = fopen(s.fcfilepath, "we"))) { - /* couldn't open output file */ - ERR(sh, "Could not open the file_context file for writing"); - retval = STATUS_ERR; -diff --git a/src/parse_utils.c b/src/parse_utils.c -index 2f33f629..d1d6e930 100644 ---- a/src/parse_utils.c -+++ b/src/parse_utils.c -@@ -45,7 +45,7 @@ void parse_release(parse_info_t * info) - int parse_open(semanage_handle_t * handle, parse_info_t * info) - { - -- info->file_stream = fopen(info->filename, "r"); -+ info->file_stream = fopen(info->filename, "re"); - if (!info->file_stream && (errno != ENOENT)) { - ERR(handle, "could not open file %s: %s", - info->filename, strerror(errno)); -diff 
--git a/src/semanage_store.c b/src/semanage_store.c -index 5cd2d219..d75aab68 100644 ---- a/src/semanage_store.c -+++ b/src/semanage_store.c -@@ -585,7 +585,7 @@ int semanage_create_store(semanage_handle_t * sh, int create) - if (stat(path, &sb) == -1) { - if (errno == ENOENT && create) { - mask = umask(0077); -- if ((fd = creat(path, S_IRUSR | S_IWUSR)) == -1) { -+ if ((fd = open(path, O_CREAT | O_WRONLY | O_TRUNC | O_CLOEXEC, S_IRUSR | S_IWUSR)) == -1) { - umask(mask); - ERR(sh, "Could not create lock file at %s.", - path); -@@ -682,7 +682,7 @@ int semanage_copy_file(semanage_handle_t *sh, const char *src, const char *dst, - if (n < 0 || n >= PATH_MAX) - return -1; - -- if ((in = open(src, O_RDONLY)) == -1) { -+ if ((in = open(src, O_RDONLY | O_CLOEXEC)) == -1) { - return -1; - } - -@@ -690,7 +690,7 @@ int semanage_copy_file(semanage_handle_t *sh, const char *src, const char *dst, - mode = S_IRUSR | S_IWUSR; - - mask = umask(0); -- if ((out = open(tmp, O_WRONLY | O_CREAT | O_TRUNC, mode)) == -1) { -+ if ((out = open(tmp, O_WRONLY | O_CREAT | O_TRUNC | O_CLOEXEC, mode)) == -1) { - umask(mask); - errsv = errno; - close(in); -@@ -1489,7 +1489,7 @@ int semanage_split_fc(semanage_handle_t * sh) - char buf[PATH_MAX] = { 0 }; - - /* I use fopen here instead of open so that I can use fgets which only reads a single line */ -- file_con = fopen(semanage_path(SEMANAGE_TMP, SEMANAGE_FC_TMPL), "r"); -+ file_con = fopen(semanage_path(SEMANAGE_TMP, SEMANAGE_FC_TMPL), "re"); - if (!file_con) { - ERR(sh, "Could not open %s for reading.", - semanage_path(SEMANAGE_TMP, SEMANAGE_FC_TMPL)); -@@ -1497,14 +1497,14 @@ int semanage_split_fc(semanage_handle_t * sh) - } - - fc = open(semanage_path(SEMANAGE_TMP, SEMANAGE_STORE_FC), -- O_WRONLY | O_CREAT | O_TRUNC, S_IRUSR | S_IWUSR); -+ O_WRONLY | O_CREAT | O_TRUNC | O_CLOEXEC, S_IRUSR | S_IWUSR); - if (fc < 0) { - ERR(sh, "Could not open %s for writing.", - semanage_path(SEMANAGE_TMP, SEMANAGE_STORE_FC)); - goto cleanup; - } - hd = 
open(semanage_path(SEMANAGE_TMP, SEMANAGE_HOMEDIR_TMPL), -- O_WRONLY | O_CREAT | O_TRUNC, S_IRUSR | S_IWUSR); -+ O_WRONLY | O_CREAT | O_TRUNC | O_CLOEXEC, S_IRUSR | S_IWUSR); - if (hd < 0) { - ERR(sh, "Could not open %s for writing.", - semanage_path(SEMANAGE_TMP, SEMANAGE_HOMEDIR_TMPL)); -@@ -1719,7 +1719,7 @@ static int semanage_commit_sandbox(semanage_handle_t * sh) - memset(write_buf, 0, sizeof(write_buf)); - snprintf(write_buf, sizeof(write_buf), "%d", commit_number); - if ((fd = -- open(commit_filename, O_WRONLY | O_CREAT | O_TRUNC, -+ open(commit_filename, O_WRONLY | O_CREAT | O_TRUNC | O_CLOEXEC, - S_IRUSR | S_IWUSR)) == -1) { - ERR(sh, "Could not open commit number file %s for writing.", - commit_filename); -@@ -1735,7 +1735,7 @@ static int semanage_commit_sandbox(semanage_handle_t * sh) - close(fd); - - /* sync changes in sandbox to filesystem */ -- fd = open(sandbox, O_DIRECTORY); -+ fd = open(sandbox, O_DIRECTORY | O_CLOEXEC); - if (fd == -1) { - ERR(sh, "Error while opening %s for syncfs(): %d", sandbox, errno); - return -1; -@@ -1869,7 +1869,7 @@ static int semanage_get_lock(semanage_handle_t * sh, - int got_lock = 0; - - if ((fd = -- open(lock_file, O_RDWR | O_CREAT | O_TRUNC, -+ open(lock_file, O_RDWR | O_CREAT | O_TRUNC | O_CLOEXEC, - S_IRUSR | S_IWUSR)) == -1) { - ERR(sh, "Could not open direct %s at %s.", lock_name, - lock_file); -@@ -2013,7 +2013,7 @@ int semanage_direct_get_serial(semanage_handle_t * sh) - semanage_path(SEMANAGE_ACTIVE, SEMANAGE_COMMIT_NUM_FILE); - } - -- if ((fd = open(commit_filename, O_RDONLY)) == -1) { -+ if ((fd = open(commit_filename, O_RDONLY | O_CLOEXEC)) == -1) { - if (errno == ENOENT) { - /* the commit number file does not exist yet, - * so assume that the number is 0 */ -@@ -2093,7 +2093,7 @@ int semanage_read_policydb(semanage_handle_t * sh, sepol_policydb_t * in, - semanage_path(SEMANAGE_ACTIVE, file)) == NULL) { - goto cleanup; - } -- if ((infile = fopen(kernel_filename, "r")) == NULL) { -+ if ((infile = 
fopen(kernel_filename, "re")) == NULL) { - ERR(sh, "Could not open kernel policy %s for reading.", - kernel_filename); - goto cleanup; -@@ -2136,7 +2136,7 @@ int semanage_write_policydb(semanage_handle_t * sh, sepol_policydb_t * out, - semanage_path(SEMANAGE_TMP, file)) == NULL) { - goto cleanup; - } -- if ((outfile = fopen(kernel_filename, "wb")) == NULL) { -+ if ((outfile = fopen(kernel_filename, "wbe")) == NULL) { - ERR(sh, "Could not open kernel policy %s for writing.", - kernel_filename); - goto cleanup; -diff --git a/src/utilities.c b/src/utilities.c -index 77b948fa..70b5b677 100644 ---- a/src/utilities.c -+++ b/src/utilities.c -@@ -38,7 +38,7 @@ char *semanage_findval(const char *file, const char *var, const char *delim) - assert(file); - assert(var); - -- if ((fd = fopen(file, "r")) == NULL) -+ if ((fd = fopen(file, "re")) == NULL) - return NULL; - - while (getline(&buff, &buff_len, fd) > 0) { --- -2.33.0 - diff --git a/backport-libsemanage-simplify-file-deletion.patch b/backport-libsemanage-simplify-file-deletion.patch deleted file mode 100644 index d6d8b5ffb6c3bc0330c0f659874216bf3b3e46fa..0000000000000000000000000000000000000000 --- a/backport-libsemanage-simplify-file-deletion.patch +++ /dev/null 
@@ -1,63 +0,0 @@
-From 46b6d4593fd0bf3286977a9fe7d48f849524543c Mon Sep 17 00:00:00 2001
-From: Christian Göttsche
-Date: Fri, 18 Apr 2025 16:43:48 +0800
-Subject: [PATCH] libsemanage-simplify-file-deletion
-
-Reference: https://github.com/SELinuxProject/selinux/commit/d3a5ae39bee42eac520a3d07f252251a2167a323
-
----
- src/direct_api.c | 24 +++++++++---------------
- 1 file changed, 9 insertions(+), 15 deletions(-)
-
-diff --git a/src/direct_api.c b/src/direct_api.c
-index 025b26e..03fc6ad 100644
---- a/src/direct_api.c
-+++ b/src/direct_api.c
-@@ -2738,7 +2738,6 @@ static int semanage_direct_install_info(semanage_handle_t *sh,
- int status = 0;
- int ret = 0;
- int type;
-- struct stat sb;
-
- char path[PATH_MAX];
- mode_t mask = umask(0077);
-@@ -2839,13 +2838,11 @@ static int semanage_direct_install_info(semanage_handle_t *sh,
- goto cleanup;
- }
-
-- if (stat(path, &sb) == 0) {
-- ret = unlink(path);
-- if (ret != 0) {
-- ERR(sh, "Error while removing cached CIL file %s.", path);
-- status = -3;
-- goto cleanup;
-- }
-+ ret = unlink(path);
-+ if (ret != 0 && errno != ENOENT) {
-+ ERR(sh, "Error while removing cached CIL file %s.", path);
-+ status = -3;
-+ goto cleanup;
- }
- }
-
-@@ -2942,13 +2939,10 @@ static int semanage_direct_remove_key(semanage_handle_t *sh,
- goto cleanup;
- }
-
-- struct stat sb;
-- if (stat(path, &sb) == 0) {
-- ret = unlink(path);
-- if (ret != 0) {
-- status = -1;
-- goto cleanup;
-- }
-+ ret = unlink(path);
-+ if (ret != 0 && errno != ENOENT) {
-+ status = -1;
-+ goto cleanup;
- }
- }
- else {
---
-2.33.0
-
diff --git a/fix-test-failure-with-secilc.patch b/fix-test-failure-with-secilc.patch
index 95cb2c26e74b1c0cd165eb4dcfc94d3ef903688e..ecbe29ffacd2913167c1262d3f6bcdeb25060988 100644
--- a/fix-test-failure-with-secilc.patch
+++ b/fix-test-failure-with-secilc.patch
@@ -14,7 +14,7 @@ This patch deletes the testcode related to secilc. 2 files changed, 6 insertions(+), 22 deletions(-) 
diff --git a/tests/Makefile b/tests/Makefile -index 69f49a3..c98dae0 100644 +index 241ff17..cfedb76 100644 --- a/tests/Makefile +++ b/tests/Makefile @@ -1,6 +1,5 @@ @@ -36,18 +36,18 @@ index 69f49a3..c98dae0 100644 $(EXECUTABLE): $(OBJECTS) ../src/libsemanage.a $(CC) $(LDFLAGS) -o $@ $^ $(LDLIBS) -- + -%.policy: %.cil - ../../secilc/secilc $*.cil -o $*.policy -f /dev/null - - clean distclean: +- + clean distclean: - rm -rf $(OBJECTS) $(POLICIES) $(EXECUTABLE) + rm -rf $(OBJECTS) $(EXECUTABLE) - test: all + test: all ./$(EXECUTABLE) diff --git a/tests/libsemanage-tests.c b/tests/libsemanage-tests.c -index 2ae4a21..df2d5b2 100644 +index 1d41a03..6e3f4db 100644 --- a/tests/libsemanage-tests.c +++ b/tests/libsemanage-tests.c @@ -21,14 +21,6 @@ @@ -65,12 +65,12 @@ index 2ae4a21..df2d5b2 100644 #include "test_other.h" #include -@@ -68,14 +60,6 @@ static bool do_tests(int interactive, int verbose) +@@ -72,14 +64,6 @@ static bool do_tests(int interactive, int verbose) DECLARE_SUITE(semanage_store); DECLARE_SUITE(semanage_utilities); - DECLARE_SUITE(handle); -- DECLARE_SUITE(bool); +- DECLARE_SUITE(boolean); - DECLARE_SUITE(fcontext); - DECLARE_SUITE(iface); - DECLARE_SUITE(ibendport); @@ -80,5 +80,3 @@ index 2ae4a21..df2d5b2 100644 DECLARE_SUITE(other); if (verbose) --- -2.19.1 diff --git a/libsemanage-3.5.tar.gz b/libsemanage-3.5.tar.gz deleted file mode 100644 index 4db89695df48cb3d5866788de5ffb1fb90ec6d15..0000000000000000000000000000000000000000 Binary files a/libsemanage-3.5.tar.gz and /dev/null differ diff --git a/libsemanage-3.9.tar.gz b/libsemanage-3.9.tar.gz new file mode 100644 index 0000000000000000000000000000000000000000..76cc78ca9145162aa6fc74c4289f2a23a6a5519a Binary files /dev/null and b/libsemanage-3.9.tar.gz differ diff --git a/libsemanage.spec b/libsemanage.spec index 338dfc7a534a0dc78418a0e7cf3f1112208c169f..63500819c0451290c93bc2a10b27e0788d73c63e 100644 --- a/libsemanage.spec +++ b/libsemanage.spec 
@@ -2,38 +2,20 @@
 %define libselinux_version 3.5-1
 Name: libsemanage
-Version: 3.5
-Release: 8
+Version: 3.9
+Release: 1
 License: LGPL-2.1-or-later
 Summary: SELinux binary policy manipulation library
 URL: https://github.com/SELinuxProject/selinux/wiki
 Source0: https://github.com/SELinuxProject/selinux/releases/download/%{version}/libsemanage-%{version}.tar.gz
 Source1: semanage.conf
-Patch6001: backport-libsemanage-fix-swig-bindings-for-4.3.0.patch
-Patch6002: backport-libsemanage-direct_api-INTEGER_OVERFLOW-read_len-rea.patch
-Patch6003: backport-libsemanage-open-lock_file-with-O_RDWR.patch
-Patch6004: backport-libsemanage-check-memory-allocations.patch
-Patch6005: backport-libsemanage-free-resources-on-failed-connect-attempt.patch
-Patch6006: backport-libsemanage-fix-asprintf-error-branch.patch
-Patch6007: backport-libsemanage-avoid-leak-on-realloc-failure.patch
-Patch6008: backport-libsemanage-free-ibdev-names-in-semanage_ibendport_v.patch
-Patch6009: backport-libsemanage-check-for-path-formatting-failures.patch
-Patch6010: backport-libsemanage-set-O_CLOEXEC-flag-for-file-descriptors.patch
-Patch6011: backport-libsemanage-check-closing-written-files.patch
-Patch6012: backport-libsemanage-handle-cil_set_handle_unknown-failure.patch
-Patch6013: backport-libsemanage-handle-shell-allocation-failure.patch
-Patch6014: backport-libsemanage-drop-duplicate-newlines-and-error-descriptions-in-error-messages.patch
-Patch6015: backport-libsemanage-simplify-file-deletion.patch
-Patch6016: backport-libsemanage-optimize-policy-by-default.patch
-
 Patch9000: fix-test-failure-with-secilc.patch
 BuildRequires: gcc python3-devel bison flex bzip2-devel audit-libs-devel
 BuildRequires: libselinux-devel >= %{libselinux_version} swig libsepol-devel >= %{libsepol_version}
 BuildRequires: CUnit-devel gdb-headless
-Requires: bzip2-libs audit-libs
 Requires: libselinux >= %{libselinux_version}
 %description
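Review bot: `%define libselinux_version 3.5-1` in the first context line of this hunk is left untouched while `Version` moves to 3.9, so `BuildRequires: libselinux-devel >= %{libselinux_version}` and `Requires: libselinux >= %{libselinux_version}` still accept a 3.5 libselinux next to a 3.9 libsemanage. The SELinux userspace libraries are released together upstream, so the floor should presumably follow the package, e.g. `%define libselinux_version 3.9-1`; the `libsepol_version` define sits above the hunk and likely needs the same check. The sixteen removed `Patch60xx` backports (O_CLOEXEC on descriptors, checked close, realloc leak, and the rest) are assumed to be contained in the new tarball, which this commit adds as an opaque binary; a short comment in the spec recording the upstream release checksum or signature that was verified would make that assumption auditable.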
@@ -115,9 +97,11 @@ make test %files help %{_mandir}/man3/* %{_mandir}/man5/* -%lang(ru) %{_mandir}/ru/man5/* %changelog +* Tue Sep 16 2025 Funda Wang - 3.9-1 +- update to 3.9 + * Wed May 7 2025 yixiangzhike - 3.5-8 - Change the author's mailbox